<?php
require_once "login.inc";
if (isset($_POST["username"]) && isset($_POST["password"])) {
     require_once "DataBase.inc";
    $result = DataBase::select("staff", null, array("username" => $_POST["username"]));
    if ($result <> false && $result[0]["password"] == md5($_POST["password"])) {
        $_SESSION["user"] = $_POST["username"];
        $_SESSION["user_first_name"] = $result[0]["first_name"];
        $_SESSION["user_last_name"] = $result[0]["last_name"];
        $result = DataBase::select("staff_roles", null, array("username" => $_POST["username"]));
        $roles = array();
        if ($result <> false)
            foreach ($result as $r)
                array_push($roles, $r["role"]);
        $_SESSION["user_roles"] = $roles;
        header('Location: index.php');
        die();
    }
}
?>
